How to Add a User to a Group in Linux
When you need to give a Linux user access to Docker, sudo, shared directories, or other protected resources, you usually add the user to a group. Groups let you manage permissions for several users at once instead of changing permissions for each account separately.
This guide explains how to add an existing user to a Linux group, add a user to multiple groups, change a user’s primary group, and verify that the change was applied.
There are two types of groups:
- Primary group: assigned to a user when the account is created. Usually, the name of the primary group is the same as the username. When a user creates a file, the file’s group is set to the user’s primary group. The primary group is stored in the
/etc/passwdfile. - Secondary (supplementary) groups: used to grant additional permissions. For example, adding a user to the
dockergroup allows them to run Docker commands withoutsudo.
Each user has exactly one primary group and can belong to zero or more secondary groups.
Only root or users with sudo
privileges can modify group membership.
Quick Reference
| Task | Command |
|---|---|
| View user’s groups | id username |
| List group names only | groups username |
| List all system groups | getent group |
| List members of a group | getent group groupname |
| Check whether a user exists | getent passwd username |
| Check whether a group exists | getent group groupname |
| Add user to a group | sudo usermod -a -G groupname username |
| Add user to multiple groups | sudo usermod -a -G group1,group2 username |
| Start a shell with the new group | newgrp groupname |
| Change primary group | sudo usermod -g groupname username |
| Create user with groups | sudo useradd -g primary -G sec1,sec2 username |
| Remove user from a group | sudo gpasswd -d username groupname |
| Create a group | sudo groupadd groupname |
| Delete a group | sudo groupdel groupname |
Displaying User Groups
Before modifying groups, it is useful to check a user’s current group membership.
The id
command displays the user’s UID, primary group, and all secondary groups:
id linuxizeuid=1000(linuxize) gid=100(users) groups=100(users),10(wheel),95(storage),98(power),990(libvirt),993(docker),999(kvm)The groups command prints only the group names:
groups linuxizewheel storage power users libvirt docker kvmIf you omit the username, both commands display information for the currently logged-in user.
Listing All Groups on the System
To list all groups on the system:
getent groupTo list all members of a specific group:
getent group dockerdocker:x:993:linuxize,deployAdding a User to a Group
Before changing group membership, make sure both the user and group already exist. The usermod command does not create missing users or groups for you.
Check the user with getent passwd:
getent passwd linuxizeCheck the group with getent group:
getent group dockerIf both commands return entries, you can add the user to the group.
To add an existing user to a secondary group, use the usermod -a -G
command followed by the group name and the username:
sudo usermod -a -G groupname usernameFor example, to add the user linuxize to the docker group:
sudo usermod -a -G docker linuxize-a (append) option when adding a user to a group. If you omit -a, the user will be removed from all secondary groups not listed after the -G option.On success, the command produces no output. Verify the new membership with id:
id linuxizeuid=1000(linuxize) gid=1000(linuxize) groups=1000(linuxize),993(docker)Group changes apply after the user logs out and logs back in. To apply the change in the current session, run:
newgrp dockerThe newgrp command starts a shell with the selected group as the active group. For normal login sessions, logging out and signing back in is the cleaner option.
Adding a User to Multiple Groups
To add a user to multiple secondary groups at once, separate the group names with commas (no spaces):
sudo usermod -a -G group1,group2,group3 usernameFor example, to add linuxize to the docker and developers groups:
sudo usermod -a -G docker,developers linuxizeDo not put spaces after the commas. usermod expects one comma-separated list.
Changing a User’s Primary Group
To change a user’s primary group, use usermod with the lowercase -g option:
sudo usermod -g groupname usernameFor example, to change the primary group of the user linuxize to developers:
sudo usermod -g developers linuxizeNote the difference: -G (uppercase) sets secondary groups, -g (lowercase) sets the primary group.
Creating a User with Groups
The useradd
command can assign both primary and secondary groups when creating a new user:
sudo useradd -g users -G wheel,developers nathanThis creates a user nathan with users as the primary group and wheel and developers as secondary groups.
Removing a User from a Group
To remove a user from a group, use the gpasswd command with the -d option:
sudo gpasswd -d username groupnameFor example, to remove linuxize from the docker group:
sudo gpasswd -d linuxize dockerCreating and Deleting Groups
To create a new group :
sudo groupadd groupnameTo delete a group :
sudo groupdel groupnameYou cannot delete a group that is a user’s primary group. Change the user’s primary group first.
Troubleshooting
Group changes do not apply in the current shell
Linux reads a user’s groups when the session starts. If id username shows the new group but the user still cannot access the resource, log out and log back in. For a temporary shell with the new group, run newgrp groupname.
usermod: user 'username' does not exist
The username is missing or spelled differently. Check the account with getent passwd username. If you need to create the user first, use useradd
or your distribution’s user management tool.
usermod: group 'groupname' does not exist
The group must exist before you can add a user to it. Check it with getent group groupname. If it is missing, create it with sudo groupadd groupname, then run usermod -a -G groupname username again.
The user lost access to other groups after running usermod -G
This happens when -G is used without -a. The command replaces the user’s secondary groups with the groups listed after -G. Add the missing groups back with sudo usermod -a -G group1,group2 username, then verify with id username.
FAQ
What happens if I forget the -a flag with usermod -G?
The user will be removed from all secondary groups except those listed in the command. This is the most common mistake when managing groups. Always use -a -G together.
Do group changes take effect immediately?
No. The user must log out and log back in for the new group membership to take effect. You can verify by running id username; the change shows up there immediately, but the user’s active session still uses the old groups.
What is the difference between -g and -G in usermod?
Lowercase -g sets the user’s primary group. Uppercase -G sets secondary (supplementary) groups. When used with -a, -G appends to the existing list instead of replacing it.
How do I find out which groups exist on the system?
Run getent group to list all groups, or getent group groupname to check whether a specific group exists and see its members.
Can a user belong to multiple primary groups?
No. Each user has exactly one primary group. To grant access to multiple resources, use secondary groups.
Conclusion
The usermod -a -G command adds existing users to secondary groups in Linux. Use id, groups, and getent to verify the change, and always include -a when working with -G so existing group memberships stay intact.
Tags
Linuxize Weekly Newsletter
A quick weekly roundup of new tutorials, news, and tips.
About the authors
Dejan Panovski
Dejan Panovski is the founder of Linuxize, an RHCSA-certified Linux system administrator and DevOps engineer based in Skopje, Macedonia. Author of 800+ Linux tutorials with 20+ years of experience turning complex Linux tasks into clear, reliable guides.
View author page